Re: iptables and mysql...

From: Crucificator (crucificator_at_home.ro)
Date: 07/06/04

    Date: Tue, 06 Jul 2004 09:48:36 +0300
    To: General Red Hat Linux discussion list <redhat-list@redhat.com>
    
    

    Jason Dixon wrote:

    > On Jul 5, 2004, at 1:43 PM, Crucificator wrote:
    >
    >> Jason Dixon wrote:
    >>
    >>> On Jul 2, 2004, at 9:34 AM, bruce wrote:
    >>>
    >>>> i'm investigating what needs to be done to allow mysql on a server
    >>>> to be
    >>>> used remotely by client machines. each machine is running iptables.
    >>>> so i'm
    >>>> wondering what has to be in the iptables for the machine being used
    >>>> as the
    >>>> mysql server, as well as the client machines that will be
    >>>> communicating with
    >>>> the mysql box...
    >>>
    >>>
    >>>
    >>> If you're concerned with data sniffing in transit, you might also
    >>> consider one of the following:
    >>>
    >>> - tunnelling your client connections through SSH
    >>> - MySQL-4.x supports SSL connections with x.509 certificates
    >>
    >
    >> mostly when you put up a mysql server you need it for building
    >> dynamic pages with php let's say. So when you do such thing you only
    >> need to allow connections from localhost because connection is made
    >> from server-side. If this doesn't apply to you then you should check
    >> out stunnel.
    >
    >
    > I suggest you reserve your comments for threads where you have
    > sufficient experience. Most DBA's are probably giggling at your
    > comment. Real web applications routinely (more often than not)
    > segregate their data store on separate (redundant) servers. Using SSL
    > connections in addition to x.509 certs provides not only encryption,
    > but authentication as well.
    >
    > --
    > Jason Dixon, RHCE
    > DixonGroup Consulting
    > http://www.dixongroup.net
    >
    >
    >
    Dear Jason, most NA are probably giggling at your comment. I currently
    administer such a server which serves tunneled dynamic HTTP for SQL for
    42 locations country-wide. We DO NOT have redundant servers. Have you
    heard of RAID solutions? And it saves bandwidth, time and money as well.
    I believe the lack of experience lies elsewhere...

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
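
The firewall side of the question that opened this thread, as an added example that is not part of any poster's message: a shell script that prints, without applying, iptables rules for the MySQL server and for one client. The addresses are constructed documentation addresses, port 3306 is MySQL's default, the function names are hypothetical, and the server's OUTPUT policy is assumed to be ACCEPT.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for remote MySQL access.
# Assumptions: MySQL on its default port, server OUTPUT policy is ACCEPT.
MYSQL_PORT=3306

# Accept only a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Server side: loopback is always allowed, each listed client gets one ACCEPT,
# and everything else aimed at the MySQL port is dropped. With no clients the
# result is the localhost-only setup mentioned in the thread.
server_rules() {
    for client in "$@"; do
        valid_ipv4 "$client" || { echo "invalid client: $client" >&2; return 1; }
    done
    echo "iptables -A INPUT -i lo -p tcp --dport $MYSQL_PORT -j ACCEPT"
    for client in "$@"; do
        echo "iptables -A INPUT -p tcp -s $client --dport $MYSQL_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
}

# Client side: allow the outbound connection and only its return traffic.
client_rules() {
    valid_ipv4 "$1" || { echo "invalid server: $1" >&2; return 1; }
    echo "iptables -A OUTPUT -p tcp -d $1 --dport $MYSQL_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $1 --sport $MYSQL_PORT -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample: server 192.0.2.1 with two permitted clients.
server_rules 192.0.2.10 192.0.2.11
client_rules 192.0.2.1
```

These rules only limit who can reach the port; the SSH tunnel, stunnel or MySQL SSL options raised in the thread are what protect the data in transit.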
    
